-
New source: mqtt()
You can use the mqtt() source to fetch messages from MQTT brokers.
-
New destination: discord()
The discord() destination driver sends messages to Discord using Discord Webhook.
-
New parser: fortigate-parser()
The Fortigate parser can parse the log messages of FortiGate/FortiOS (Fortigate Next-Generation Firewall (NGFW)). These messages do not completely comply with the syslog RFCs, making them difficult to parse. The fortigate-parser() of syslog-ng OSE solves this problem, and can separate these log messages to name-value pairs. For details on using value-pairs in syslog-ng OSE see Structuring macros, metadata, and other value-pairs. The parser can parse messages in the following format:
-
New parser: regexp-parser()
The syslog-ng OSE application can parse fields from a message with the help of regular expressions. This can be also achieved with the match() filter, by setting the store-matches flag, but the regexp-parser() offers more flexibility, like multiple patterns and setting the prefix of the created name-value pairs.
-
New filter: rate-limit()
Limits messages rate based on arbitrary keys in each message.
-
New options for the kafka() destination C implementation
Options batch-lines() and batch-timeout() have been added.
-
New options for the kafka() destination C implementation
Options batch-lines() and batch-timeout() have been added.
-
New option value: transport("text-with-nuls")
text-with-nuls: Allows embedded NUL characters in the message from a TCP source, that is, syslog-ng OSE will not delimiter the incoming messages on NUL characters, only on newline characters (contrary to tcp transport, which splits the incoming log on newline characters and NUL characters).
-
New option for file() destination: symlink-as()
The configured file name will be used as a symbolic link to the last created file by file destination.
-
New options for redis() destination driver
Added workers() and Match mode support to the Redis destination driver.
-
New --remove-orphans option in syslog-ng-ctl stats
New option --remove-orphans has been added to the stats command.
-
New options for the mongodb() destination
Options collection() and workers() have been added.
-
disk-buffer() has been updated
New option: truncate-size-ratio(), and other changes.
-
time-reopen() option on multiple drivers
The time-reopen() option was only configurable on the global options{} level. Now every driver, which utilizes it can configure it on the driver level.
-
New flag(): no-rfc3164-fallback
This flag allows to attempt parsing RFC5424 first without an automatic fallback to RFC3164.
-
New TLS option: keylog-file()
This option enables saving TLS secrets (decryption keys) for a given source or destination, which can be used to decrypt data with, for example, Wireshark. The given path and name of a file will be used to save these secrets.
-
Other enhancements
-
Monitoring - Metrics: message size and EPS.
-
Update the no-parse flag.
-
Added a note to the disk-buffer() dir() path.
-
Added macOS and NetBSD to the system() source.